Storage volume protection supporting legacy systems

US 8,417,969 B2
Filed: 02/19/2009
Issued: 04/09/2013
Est. Priority Date: 02/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computing device, the method comprising:

accessing an encrypted storage volume having been encrypted using an encryption technique supported by some operating systems but not by other operating systems;

if the encryption technique is unsupported by an operating system of the computing device, then;

identifying an access application on the encrypted storage volume;

executing the access application, the access application allowing the computing device to access encrypted data files stored in a first portion of the encrypted storage volume;

accessing a file directory in a second portion of the encrypted storage volume, the file directory identifying locations of one or more files in the second portion as well as locations of multiple cover files in the first portion that include the encrypted data files; and

the access application accessing a protected file directory in the first portion, the protected file directory being stored across two or more of the multiple cover files and identifying locations of the encrypted data files in the first portion; and

if the encryption technique is supported by the operating system of the computing device, then;

the operating system allowing the computing device to bypass the access application and access the encrypted data files stored on the encrypted storage volume.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique.

Citations

20 Claims

1. A method implemented in a computing device, the method comprising:
- accessing an encrypted storage volume having been encrypted using an encryption technique supported by some operating systems but not by other operating systems;
  
  if the encryption technique is unsupported by an operating system of the computing device, then;
  
  identifying an access application on the encrypted storage volume;
  
  executing the access application, the access application allowing the computing device to access encrypted data files stored in a first portion of the encrypted storage volume;
  
  accessing a file directory in a second portion of the encrypted storage volume, the file directory identifying locations of one or more files in the second portion as well as locations of multiple cover files in the first portion that include the encrypted data files; and
  
  the access application accessing a protected file directory in the first portion, the protected file directory being stored across two or more of the multiple cover files and identifying locations of the encrypted data files in the first portion; and
  
  if the encryption technique is supported by the operating system of the computing device, then;
  
  the operating system allowing the computing device to bypass the access application and access the encrypted data files stored on the encrypted storage volume.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, the access application further verifying credentials of a current user of the computing device, and allowing the device to access the encrypted data files only if the credentials are verified.
  - 3. A method as recited in claim 2, the credentials of the current user comprising a password entered by the current user.
  - 4. A method as recited in claim 1, the access application allowing the computing device to access the encrypted data files comprising allowing the computing device read-only access to the encrypted data files.
  - 5. A method as recited in claim 1, the method further comprising:
    - if the encryption technique is supported by the operating system of the computing device, then accessing the protected file directory in the first portion to identify locations of the encrypted data files in the first portion.
  - 6. A method as recited in claim 1, the encrypted storage volume comprising a portable flash memory storage device.
  - 7. A method as recited in claim 1, further comprising displaying a prompt notifying a current user of the computing device that the access application is to be executed in order to access the encrypted data files, and executing the access application only if a user input indicates that the access application is to be executed.
  - 8. A method as recited in claim 7, further comprising automatically displaying the prompt when the encrypted storage volume is coupled to the computing device.
  - 9. A method as recited in claim 1, the protected file directory allowing the computing device to bypass the access application and access the encrypted data files if the encryption technique is supported by the operating system.

10. A method implemented in a computing device, the method comprising:
- generating a discovery volume portion on a storage volume;
  
  storing, in the discovery volume portion, an access application that can be bypassed by a first additional computing device having an operating system supporting an encryption technique used to encrypt the storage volume, and that can be executed by a second additional computing device having an operating system lacking support for the encryption technique used to encrypt the storage volume, the access application allowing the second additional computing device to access data on the storage volume encrypted using the encryption technique; and
  
  storing, across multiple cover files on the storage volume, a protected file directory identifying where one or more encrypted files are stored on the storage volume, the multiple cover files including the one or more encrypted files, and the protected file directory allowing the first additional computing device to access the one or more encrypted files.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 20)
- - 11. A method as recited in claim 10, the access application being executable by the second additional computing device to allow access to the one or more encrypted files only after the access application has verified credentials of a current user of the second additional computing device.
  - 12. A method as recited in claim 11, the credentials of the current user comprising a passphrase entered by the current user.
  - 13. A method as recited in claim 10, the storage volume comprising a portable flash memory storage device.
  - 14. A method as recited in claim 10, further comprising including in the discovery volume portion a reserved part in which at least part of a new version of the access application can be stored.
  - 15. A method as recited in claim 10, further comprising storing, in the discovery volume portion, an autorun file that indicates to the second additional computing device to display, when the storage volume is coupled to the second additional computing device, a prompt notifying a current user of the second additional computing device that the access application is to be executed in order to access the one or more encrypted files.
  - 16. A method as recited in claim 15, the access application being executable by the second additional computing device to allow access to the one or more encrypted files only after a user input in response to the prompt indicates the access application is to be executed, and only after the access application has verified credentials of the current user.
  - 17. A method as recited in claim 10, wherein the access application is allowed read-only access to the one or more encrypted files.
  - 20. A method as recited in claim 10, further comprising storing, in the discovery volume portion, an additional protected file directory identifying where the one or more encrypted files are stored on the storage volume, the additional protected file directory allowing the access application to access the one or more encrypted files.

18. A storage volume comprising:
- a first portion storing both one or more encrypted files and a protected file directory of the one or more encrypted files, the protected file directory being accessible to one or more devices with operating systems that support an encryption technique used by the storage volume, the protected file directory allowing the one or more devices with operating systems that support the encryption technique used by the storage volume to bypass an access application, the one or more encrypted files being stored in multiple cover files of the first portion, and the protected file directory being stored across two or more of the multiple cover files;
  
  a second portion storing both the access application that is executed by one or more other devices with operating systems that lack support for the encryption technique used by the storage volume and a file directory of one or more files in the second portion as well as the multiple cover files in the first portion, wherein execution of the access application can be done without administrator privileges on the one or more other devices; and
  
  the access application, when executed, verifying credentials of a user of one of the one or more other devices and allowing the user to access the one or more encrypted files even though the one of the one or more other devices lacks support for the encryption technique used by the storage volume.
- View Dependent Claims (19)
- - 19. A storage volume as recited in claim 18, the second portion further storing a particular sequence of bits at a particular location to identify to the one or more devices with operating systems that support the encryption technique that the storage volume is encrypted using the encryption technique.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Humphries, Russell, Ureche, Octavian T., Ferguson, Niels T., Xie, Ping
Primary Examiner(s)
Abrishamkar, Kaveh
Assistant Examiner(s)
Stoica, Adrian

Application Number

US12/388,811
Publication Number

US 20100211802A1
Time in Patent Office

1,510 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 21/78 to assure secure storage of...

Storage volume protection supporting legacy systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Storage volume protection supporting legacy systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links